This guide will walk you through setting up Amazon SES (Simple Email Service) for sending bulk emails. You can choose between verifying individual email addresses (for testing) or verifying your entire domain (recommended for production).
Table of Contents
- Overview: Email vs Domain Verification
- Option 1: Verify Individual Email Address (Testing)
- Option 2: Verify Your Domain (Recommended)
- Getting Out of SES Sandbox
- Deliverability Best Practices
- Why Use Your Own Domain?
Overview: Email vs Domain Verification
| Feature | Individual Email Verification | Domain Verification |
|---|---|---|
| Use Case | Testing & Development | Production |
| Setup Complexity | Simple (just verify email) | Moderate (DNS configuration) |
| Sender Address | Must verify each email individually | Any email @yourdomain.com |
| Email Display | Shows "sent via amazonses.com" | Shows your domain |
| Trust & Deliverability | Lower (less trustworthy) | Higher (more professional) |
| SPF/DKIM/DMARC | Limited | Full support |
| Sandbox Requirements | Must verify recipients too | Must verify recipients too |
Step 1: Verify Email Address Associated With Your Domain
📺 Video Tutorial
Step-by-Step Instructions
1Sign in to AWS Console
Go to AWS Console and navigate to SES (Simple Email Service).
2Navigate to Verified Identities
In the SES console, click on "Verified identities" in the left sidebar.
3Create Identity
Click the "Create identity" button.
4Choose Email Address
Select "Email address" and enter the email address you want to verify (e.g., yourname@yourdomain.com).
5Verify Email
Click "Create identity". AWS will send a verification email to that address.
6Check Your Email
Open the verification email from AWS and click the verification link.
7Confirmation
Once verified, the email address will show as "Verified" in the SES console.
- Emails will show "sent via amazonses.com" which is less trustworthy
- You must verify each email address individually
- In sandbox mode, you must also verify recipient email addresses
- Using Gmail addresses can negatively impact deliverability once out of sandbox
Step 2: Verify Your Domain (Recommended for Production)
📺 Video Tutorial
Step-by-Step Instructions
1Sign in to AWS Console
Go to AWS Console and navigate to SES (Simple Email Service).
2Navigate to Verified Identities
In the SES console, click on "Verified identities" in the left sidebar.
3Create Identity
Click the "Create identity" button.
4Choose Domain
Select "Domain" and enter your domain name (e.g., yourdomain.com).
5Configure DNS Records
AWS will provide you with DNS records that need to be added to your domain's DNS settings:
- DKIM records (3 CNAME records) - for email authentication
- Verification record (1 TXT record) - to verify domain ownership
6Add DNS Records
Copy the DNS records from AWS and add them to your domain's DNS provider (e.g., Route 53, Cloudflare, GoDaddy, etc.):
- Log in to your domain registrar or DNS provider
- Navigate to DNS management
- Add the CNAME records for DKIM (usually 3 records)
- Add the TXT record for verification
- Save the changes
7Wait for DNS Propagation
DNS changes can take a few minutes to several hours to propagate. AWS will automatically check for the records.
8Verification Complete
Once AWS detects the DNS records, your domain will show as "Verified" in the SES console.
- Send from any email address on your domain (e.g.,
support@yourdomain.com,noreply@yourdomain.com) - Emails appear to be from your domain (no "sent via amazonses.com")
- Better deliverability and sender reputation
- Full support for SPF, DKIM, and DMARC records
Getting Out of SES Sandbox
By default, AWS SES starts in "Sandbox" mode, which has limitations:
- You can only send emails to verified email addresses
- Limited sending quota (usually 200 emails per day, 1 email per second)
- Designed for testing purposes only
Request Production Access
1Navigate to Account Dashboard
In the SES console, click on "Account dashboard" in the left sidebar.
2Request Production Access
Click the "Request production access" button.
3Fill Out the Request Form
You'll need to provide:
- Mail Type: Select the type of emails you'll send (Transactional, Marketing, or both)
- Website URL: Your website URL
- Use Case Description: Explain how you'll use SES (be detailed and honest)
- Compliance: Confirm you'll follow AWS SES policies and anti-spam laws
4Submit and Wait
Submit the request. AWS typically reviews requests within 24 hours, but it can take up to 48 hours.
5Approval
Once approved, you'll receive an email notification and your account will be moved to production mode.
Deliverability Best Practices
DomainKeys Identified Mail (DKIM)
DKIM is automatically configured when you verify your domain. It adds a digital signature to your emails, proving they came from your domain and haven't been tampered with.
SPF Records
SPF (Sender Policy Framework) records specify which mail servers are authorized to send emails for your domain. AWS SES provides SPF records that should be added to your DNS.
DMARC Records
DMARC (Domain-based Message Authentication, Reporting & Conformance) helps protect your domain from email spoofing and provides reporting on email authentication.
Best Practices
- Use your own domain: Never use free email services (Gmail, Yahoo) for production sending
- Warm up your sending: Start with small volumes and gradually increase
- Monitor bounce and complaint rates: Keep bounce rate below 5% and complaint rate below 0.1%
- Maintain a clean recipient list: Remove invalid emails and unsubscribes promptly
- Use double opt-in: Verify subscribers want to receive your emails
- Include unsubscribe links: Required by law in many jurisdictions
Why Use Your Own Domain Instead of Gmail?
Deliverability Issues
Using a Gmail-only address (or any free email service) can negatively impact your deliverability because:
- Free email providers have their own sending policies and requirements
- Mail servers may flag emails from free addresses as less trustworthy
- You cannot properly configure SPF, DKIM, and DMARC for Gmail addresses
- Your sender reputation is tied to Gmail's reputation, not your own
Professionalism
Using your own domain (e.g., yourname@yourdomain.com) provides:
- Professional appearance and brand consistency
- Better trust from recipients
- Control over your email identity
- Flexibility to use multiple addresses (support@, sales@, etc.)
Control and Reputation
With your own domain, you have:
- Full control: Manage your sender reputation independently
- Better authentication: Proper DKIM, SPF, and DMARC configuration
- Scalability: Send from any address on your domain without additional verification
- Monitoring: Better tracking and reporting of email performance
When to Use Gmail
Gmail addresses are acceptable only for:
- Testing within the SES sandbox environment
- Development and debugging
- Learning how SES works
Once you move to production, you should always use your own domain.
Avoiding the Promotions Tab
If your emails are landing in Gmail's Promotions tab instead of the Primary inbox, here are strategies to improve deliverability:
1. Use Proper Email Headers
Ensure your emails include proper headers. The system automatically includes:
- X-Mailer: Identifies the sending system
- Reply-To: Proper reply-to address
- Configuration Sets: If configured in AWS SES
2. Email Content Best Practices
- Avoid promotional language: Words like "free", "buy now", "limited time", "act now" can trigger promotional filters
- Use personalization: Personalized emails are more likely to land in Primary
- Keep it conversational: Write like you're sending to a friend, not a marketing campaign
- Minimize images: Too many images can trigger promotional filters
- Include plain text version: Always include both HTML and plain text versions
3. Technical Setup
- SPF, DKIM, DMARC: Properly configured (automatic with domain verification)
- Sender reputation: Maintain good sender reputation by keeping bounce/complaint rates low
- Warm up your domain: Start with small volumes and gradually increase
- Use your own domain: Never use free email services (Gmail, Yahoo) for sending
4. Recipient Engagement
- Double opt-in: Verify subscribers want your emails
- Regular sending: Consistent sending schedule helps with reputation
- Monitor engagement: Track opens and clicks - low engagement can hurt deliverability
- Clean your list: Remove inactive subscribers regularly
Next Steps
- Choose your verification method (email for testing, domain for production)
- Complete the verification process
- Configure your AWS credentials in the Configuration section
- Start sending emails!
- Request production access when ready to send to unverified recipients
- Follow best practices above to improve inbox placement
Need help? Check the dashboard to configure your settings.